Very new to Kong here, and struggling with Kong routing. On version Kong 3.3.0.
I'm making a request from one machine to another, going through two gateways, one Nginx and the other Kong. The Kong gateway is returning the following error...
{
"message":"no Route matched with those values"
}
...despite the URI matching the expected route path. Weirdest of all, the same curl request works if I make it on the machine where the Kong gateway resides. It's only after passing through the Nginx gateway that the request seems to fail to match.
In addition, my attempts to debug this using this Kong troubleshooting guide have failed. I tried using Kong-Debug, but I only receive the debug response headers if I make the request on the Kong gateway's machine. I couldn't make the tracing configurations work. And there are no global or route-specific plugins causing the request to drop.
Is this enough context to ask for more debugging ideas and possible issues? I was thinking maybe it has something to do with the nginx server, or the fact that the request comes from another machine?
The curl request
curl -k --verbose --location 'https://api.foo.com/identity-provider/oauth2/token'
The Kong route
{
"next": null,
"data": [
{
"methods": null,
"sources": null,
"destinations": null,
"created_at": 1727956168,
"updated_at": 1727956168,
"https_redirect_status_code": 426,
"regex_priority": 0,
"snis": [
"api.foo.com"
],
"tags": null,
"name": "identity-provider",
"id": "aca5d660-891d-491c-a337-a6b4c974e23f",
"headers": null,
"path_handling": "v0",
"protocols": [
"https"
],
"response_buffering": true,
"service": {
"id": "4861e944-7086-49b9-9ff6-9cce79f0e16c"
},
"request_buffering": true,
"preserve_host": false,
"hosts": [
"api.foo.com"
],
"strip_path": true,
"paths": [
"/identity-provider"
]
}
]
}
The Kong log
Remote: (172.16.1.126) kong [03/Oct/2024:12:03:56 +0000] POST /identity-provider/oauth2/token HTTP/1.1 404 Upstream: (-) api.myfoo.com 172.16.1.126, 172.16.1.126
The log_format
log_format print_upstream 'Remote: ($remote_addr) $server_name [$time_local] $request $status Upstream: ($upstream_addr) $host Forwarded for: ($http_x_forwarded_for)';
The nginx config (summarized)
http {
upstream foo-upstream {
server api-other.foo.com:443;
keepalive 10;
}
server {
listen 443 ssl default_server;
server_name api.bar.com;
location /identity-provider/oauth2/token {
access_log /var/log/nginx/security-server-endpoint.log main;
proxy_pass https://foo-upstream/identity-provider/oauth2/token;
}
}
}
Note: I know the server name is api.bar.com instead of api.foo.com. I tried changing the server name and setting up the certificates. Same route matching error, so I don't think this is the root cause.
The dnsmasq config on the machine with nginx
address=/api.foo.com/172.16.1.126
address=/api-other.foo.com/172.16.2.127
server=/foo.com/172.16.2.126
Note:
172.16.1.126172.16.2.126The networking path for the curl request as I understand it is this: api.foo.com
Relevant answer here: Rails: No route matches error for requests forwarded through Kong (Heroku) Documentation: https://docs.konghq.com/gateway/latest/reference/configuration/#trusted_ips
The answer was the trusted_ips configuration. My trusted IPs configuration included the IP of the machine with the nginx server (172.16.1.126). Once I excluded that IP address from the netmask, the request matched as expected.